Posts


cks, to random
@cks@mastodon.social avatar

In re comparing fire drills to phishing tests[1], if phishing tests were like fire drills, they would test the response to a successful phish. Was the person phished able to rapidly report and mitigate things? Do the organization's phish alarms work and reach people? Etc etc.

Current "phishing tests" are like testing people to see if they accidentally start fires if they're handed (dangerously) flammable materials. That's not a fire drill.

1: https://infosec.exchange/@sambowne/112513766095541271

cks, to random
@cks@mastodon.social avatar

Pretty much every time I change the time of an alarm on my phone I am irritated all over again at the fundamental laziness and robotic computer-ness of time controls. What I want to do is move the time forward or backward, not to separately change (or set) the hours and the minutes. But separate 'hour' and 'minutes' spinners or options are the easy computer way out so that's how UIs implement it.

cks, to random
@cks@mastodon.social avatar

Dear self, just because you have finished listening (once) to all of the new music you picked up last BC Friday is no reason to go pick up more. Among other things, you still have ~400 or so releases not listened to from two 'buy our 250-release catalog for cheap' offers in the past. So at least listen to some more of them before giving in to temptation. (Yes I have a 'to purchase' list.)

(Normally I would hold off for the next BC Friday but that's not going to be for months.)

cks, to random
@cks@mastodon.social avatar

It's surprisingly difficult to bicycle at 10 km/h and no more, at least on my bike with standard 700c wheels. It generally feels like if I sneeze I'll go clearly over and it's easy to drift into too fast.

(Toronto's Mt. Pleasant cemetery has an official bike speed limit of 10 km/h. One of my personal perverse acts is that when I go through it riding by myself, as I did today, I try to stick to this speed limit. It's absurdly hard to go that slow but oddly fun.)

cks, to random
@cks@mastodon.social avatar

It has been '0' days since I wrote 'Oath' when I meant to write 'OAuth'. Such a tempting not exactly a typo, more a mind slip.

(Also, don't ask me to describe the differences between OIDC and OAuth2, and I suspect that all sorts of documentation blurs the two and talks about 'OAuth2' when it really means 'OIDC'. For example, I'm not sure Grafana would be happy with a pure OAuth2 provider that didn't add the extra OIDC stuff, although maybe it would be.)

cks, to random
@cks@mastodon.social avatar

Happy or unhappy "first day of AC" for those people in Toronto who are reluctantly observing it. Yes, I'm a wimp, but my place heats up easily and 80 F / 26.5 C in my little home office makes me unhappy. (Although now I look that's about the outside temperature too.)

Maybe I can get away with just running AC for not too long to knock down the heat. And the weather forecast has us returning to low-20s or below weather for the weekend.

Toronto's temperate spring: enjoy it while it lasts.

cks, to random
@cks@mastodon.social avatar

Toronto's waterfront fog can sometimes give you absolutely marvelous photos and moments, as I was reminded by posts yesterday evening by @nev . Many years ago I was lucky enough to take a photo in mid-summer evening fog along the waterfront that I rather like:
https://www.flickr.com/photos/22276923@N06/4788499989/

cks, to random
@cks@mastodon.social avatar

Why yes unnamed cloud vendor, I do appreciate you making the tiny system disk of my dinky, basically as cheap as possible VM be your "premium SSD" offering. I am sure I will need all those more expensive IOPS for (checks notes) automated Ubuntu package updates.

Also, no. I'm not surprised, I'm just disappointed at cloud vendor practices. It sure is nice to feel like they're out to ruthlessly exploit me.

bitprophet,
@bitprophet@social.coop avatar

@cks mmm, dark UX patterns

cks, to random
@cks@mastodon.social avatar

It's certainly better to discover that my commuter bike has a flat rear tire on a Sunday afternoon than on, say, a Tuesday morning when I'm about to commute with it. But I'd rather not have the flat.

(You know how the bike mechanic at your local bike shop can change your flat tire in no time at all and make it look like magic? Me with flat tires is the exact reverse of that. I will forever be the last place finisher in any flat-changing competition.)

cks, to random
@cks@mastodon.social avatar

Well, that was a learning experience not just about where DNS servers put information when you query them with 'what are the NS records for this subdomain', but also on how some of our local DNS servers are configured. (In a way that kind of surprises me, for one of them.)

TIL that if you ask a parent authoritative server for NS records for a subdomain, they show up in the 'authority' section of the reply, not the 'answer' section. For (perfectly good) DNS reasons.
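The section placement described in the post, as an added example that is not part of the original post: a referral from the parent zone's server carries the delegation NS set in the authority section with AA clear, while the child zone's own server answers the same question in the answer section with AA set. The message builder and the minimal wire-format parser below are constructed for illustration (names and addresses are RFC 2606/5737 placeholders, not anything from the poster's servers); the NS/A/AA constants are the standard DNS values.

```python
import struct

# Constructed example, not code from the original post: build the two kinds
# of reply to "sub.example. NS?" and parse them back to see where the NS set lands.
NS_TYPE, A_TYPE, IN_CLASS = 2, 1, 1
AA_FLAG = 0x0400          # "authoritative answer" bit in the header flags


def _encode_name(name):
    """Wire-encode a dotted name (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_ns_response(qname, nameservers, authoritative):
    """Reply to 'qname NS?'. The parent's server (authoritative=False) puts the
    delegation NS RRs in the authority section and leaves AA clear; the zone's
    own server (authoritative=True) sets AA and puts them in the answer section.
    Glue A records for the nameservers go in the additional section either way."""
    ns_rrs, glue = b"", b""
    for ns, addr in nameservers:
        rdata = _encode_name(ns)
        ns_rrs += _encode_name(qname) + struct.pack("!HHIH", NS_TYPE, IN_CLASS, 86400, len(rdata)) + rdata
        glue += _encode_name(ns) + struct.pack("!HHIH", A_TYPE, IN_CLASS, 86400, 4) \
            + bytes(int(o) for o in addr.split("."))
    flags = 0x8100 | (AA_FLAG if authoritative else 0)       # QR=1, RD copied back
    ancount, nscount = (len(nameservers), 0) if authoritative else (0, len(nameservers))
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, nscount, len(nameservers))
    question = _encode_name(qname) + struct.pack("!HH", NS_TYPE, IN_CLASS)
    return header + question + ns_rrs + glue


def _read_name(msg, off):
    """Decode a name, following compression pointers; return (name, next offset)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def _read_rr(msg, off):
    name, off = _read_name(msg, off)
    rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    if rtype == NS_TYPE:
        rdata, _ = _read_name(msg, off)
    elif rtype == A_TYPE:
        rdata = ".".join(str(b) for b in msg[off:off + 4])
    else:
        rdata = msg[off:off + rdlen].hex()
    return {"name": name, "type": rtype, "rdata": rdata}, off + rdlen


def parse_response(msg):
    """Split a DNS response into answer/authority/additional, keeping the AA flag."""
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                                 # skip the question entries
        _, off = _read_name(msg, off)
        off += 4
    out = {"aa": bool(flags & AA_FLAG), "answer": [], "authority": [], "additional": []}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            rr, off = _read_rr(msg, off)
            out[section].append(rr)
    return out


def ns_names(msg):
    """Return (section, aa, sorted NS targets) for wherever the NS set landed.
    A client that only reads the answer section sees an 'empty' reply from the
    parent; the delegation is in the authority section of a non-AA response."""
    r = parse_response(msg)
    for section in ("answer", "authority"):
        names = sorted(rr["rdata"] for rr in r[section] if rr["type"] == NS_TYPE)
        if names:
            return section, r["aa"], names
    return None, r["aa"], []


NAMESERVERS = [("ns1.sub.example.", "192.0.2.1"), ("ns2.sub.example.", "192.0.2.2")]
REFERRAL = build_ns_response("sub.example.", NAMESERVERS, authoritative=False)
AUTHORITATIVE = build_ns_response("sub.example.", NAMESERVERS, authoritative=True)

if __name__ == "__main__":
    print("parent server :", ns_names(REFERRAL))
    print("child server  :", ns_names(AUTHORITATIVE))
```

The practical check this suggests: when scripting "what are the NS records for X", inspect the AA flag and read the authority section when AA is clear, and only accept NS records whose owner name is at or below the zone the queried server is responsible for; the authority section is delegation data, not an answer, and a resolver that treats it as one without that bailiwick check is trusting the wrong server.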

cks, to random
@cks@mastodon.social avatar

Half-formed hot take: the Linux kernel CVE situation is the tip of an emerging iceberg as OSS people push back and refuse to do supply chain/security work for free just because third parties want it.

(AFAIK, the ultimate trigger was third party maintainers of old kernels wanting the mainstream kernel to note all changes that turned out to be security fixes so the 3rd parties could backport them and only them. Identifying what is actually a security fix is non-trivial extra work (& fallible).)

cks,
@cks@mastodon.social avatar

How good was (is) the Linux kernel at security assessments? Well, between 2006 and 2018, 41% of kernel CVEs had already been fixed in the main kernel by the time they were reported as security issues (in someone's kernel), and the overall average 'time to fix' was -100 days. Clearly a lot of security fixes were not being recognized as such. Which is not a surprise; modern exploit developers are extremely clever.

Source: this 2019 Greg KH presentation: https://kernel-recipes.org/en/2019/talks/cves-are-dead-long-live-the-cve/

cks,
@cks@mastodon.social avatar

Blog post: Some ideas on what Linux distributions can do about the new kernel situation https://utcc.utoronto.ca/~cks/space/blog/linux/DistributionKernelHandling2024
tl;dr: distributions can no longer release whenever they want, have the same kernel version for years and years, and have great security (unless they want to do a lot of work themselves). But realistically they never could.

Volunteer run distributions should probably get used to updating their kernel versions over the lifetime of a release. Commercial ones? Whatever you'll pay for.

cks, to random
@cks@mastodon.social avatar

We used to operate one of the university's authoritative secondary DNS servers for all of the university's domains. Many years ago, we ceased doing this, reducing the server to just being authoritative for our own domains. Today I learned that there are a lot of people on the Internet still querying us for other people's domains that we haven't been NS records for for years. Where are they picking this up from? It is a mystery.

cks,
@cks@mastodon.social avatar

Bonus: some of the people still querying our DNS server for domains we aren't authoritative for appear to be (other people's) within-university DNS servers. All I can say is WHAT.

cks,
@cks@mastodon.social avatar

This is my face when I pull the name server statistics from our 'used to be an authoritative secondary and no longer is' DNS server and discover that more than 80% of the queries are for things we don't serve any more. This is also my face when I pull a tcpdump to look at the sources of this traffic and they are all over the place, including from eg 'DNS-8-0-10-3.Chicago1.Level3.net'. And a lot of AWS machines.

What.
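The measurement behind this thread, as an added example that is not part of the original posts: given a server's query log and the set of zones it still serves, work out what fraction of queries are for zones it no longer serves, which sources send them, and which of those sources sit inside your own network (the "within-university DNS servers" case above). The log lines are constructed in the style of BIND 9's `queries` log channel (an assumption about the log format), and the zone names, addresses and local prefix are placeholders, not the poster's data.

```python
import ipaddress
import re
from collections import Counter

# Constructed example, not code from the original posts. Zones this server is
# still authoritative for, and the network range considered "ours" (assumptions).
SERVED_ZONES = {"cs.example.", "labs.cs.example."}
LOCAL_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample lines in BIND 9 query-log style (placeholder names/addresses).
SAMPLE_LOG = """\
27-May-2024 10:00:01.001 queries: info: client @0x7f1 198.51.100.7#51812 (www.cs.example): query: www.cs.example IN A -E(0) (192.0.2.53)
27-May-2024 10:00:01.004 queries: info: client @0x7f2 203.0.113.9#40001 (mail.physics.example): query: mail.physics.example IN MX -E(0) (192.0.2.53)
27-May-2024 10:00:01.010 queries: info: client @0x7f3 203.0.113.9#40002 (www.physics.example): query: www.physics.example IN A -E(0) (192.0.2.53)
27-May-2024 10:00:01.020 queries: info: client @0x7f4 198.51.100.20#3301 (lib.example): query: lib.example IN NS -E(0) (192.0.2.53)
27-May-2024 10:00:01.031 queries: info: client @0x7f5 192.0.2.77#5555 (notcs.example): query: notcs.example IN A -E(0) (192.0.2.53)
27-May-2024 10:00:01.040 queries: info: client @0x7f6 198.51.100.20#3302 (host.labs.cs.example): query: host.labs.cs.example IN AAAA -E(0) (192.0.2.53)
27-May-2024 10:00:01.052 queries: info: client @0x7f7 203.0.113.44#8080 (www.physics.example): query: www.physics.example IN A -E(0) (192.0.2.53)
27-May-2024 10:00:02.000 queries: info: client @0x7f8 203.0.113.9#40003 (ns.lib.example): query: ns.lib.example IN A -E(0) (192.0.2.53)
"""

# Pulls the client address, the query name and the query type out of one line.
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<src>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def _normalize(name):
    return name.lower().rstrip(".") + "."


def served(qname, zones=SERVED_ZONES):
    """True if qname is at or below a zone we still serve. The suffix match is
    done on label boundaries so 'notcs.example.' is not inside 'cs.example.'."""
    q = _normalize(qname)
    return any(q == z or q.endswith("." + z) for z in zones)


def stale_query_report(log_text, zones=SERVED_ZONES, local_nets=LOCAL_NETS):
    """Summarize queries for zones this server no longer serves: overall
    fraction, the busiest sources, which sources are inside our own network,
    and the most-asked-for stale names."""
    total = stale = 0
    stale_by_source, stale_by_name = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                      # not a query line
        total += 1
        qname = _normalize(m["qname"])
        if served(qname, zones):
            continue
        stale += 1
        stale_by_source[m["src"]] += 1
        stale_by_name[qname] += 1
    internal = sorted(
        src for src in stale_by_source
        if any(ipaddress.ip_address(src) in net for net in local_nets)
    )
    return {
        "total": total,
        "stale": stale,
        "stale_fraction": stale / total if total else 0.0,
        "top_sources": stale_by_source.most_common(3),
        "internal_sources": internal,
        "top_names": stale_by_name.most_common(3),
    }


if __name__ == "__main__":
    for key, value in stale_query_report(SAMPLE_LOG).items():
        print(f"{key:17} {value}")
```

On the constructed sample this reports 6 of 8 queries as stale; the poster's real server showed more than 80%. The internal-source list is the useful follow-up: for each of those, `dig NS <zone> @<source>` shows whether that resolver is handing out an NS set that still names your server, which is where stale delegation data usually turns out to live.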

cks, to random
@cks@mastodon.social avatar

I've now created my first cloud (virtual) machine. It is of course a special snowflake, because I had no desire to try to simultaneously learn this cloud vendor's web UI, terminology, etc and also some cloud machine automation setup. At least it's an extremely simple special snowflake and I kept notes (and off-machine copies of everything important).

I suspect that it is terribly set up and there are much better ways to do what I want, but meh. It's simple.

phillmv,
@phillmv@hachyderm.io avatar

@cks wow you’ve been racking your own hardware this whole time?

cks,
@cks@mastodon.social avatar

@phillmv Yep, we're still on-premise (although I've used locally hosted VMs for testing for years). Partly this is because of (our) university funding model, where it's very hard to guarantee ongoing funding but it's comparatively easy to get one-time funding through grants. The cloud converting one-time capex into ongoing opex is terrible for us; we can't be sure of the opex funding, and if we stop paying the cloud goes away. Hardware is ours for as long as it keeps working.

cks, to random
@cks@mastodon.social avatar

Great moments in dry (Go) commit comments[1]:

runtime: remove note about goid reuse

Goids are designed to be big enough that they will never be reused: a uint64 is enough to generate a new goroutine every nanosecond for 500+ years before wrapping around, and after 500 years you should probably stop and pick up some security updates.

[...]

1: https://go.googlesource.com/go/+/8f71c7633fd70fffc5fa65e7865e763238fa6f46

cks, to random
@cks@mastodon.social avatar

This is my face when people think it is a good idea to make your computer make bubble-popping noises when you change the sound volume. I AM LISTENING TO MUSIC YOU GOONS, IT IS NOT IMPROVED BY RANDOM BUBBLE POPS.
